On Fri, Nov 29, 2013 at 03:08:44PM +0100, Fred van Zwieten wrote:
> Jakub,
> Yes, I could do this. But then the local root account cannot su to local
> users (without password). But that is actually a normal use-case. I just
> think local root should not be allowed to transition to a domain user, by
> default.
> Fred

Ah, in that case I'm not sure if there's an easy solution, at least I
don't know any off hand. I think Alexander is right that SELinux would
be a good choice.

Freeipa-users mailing list

Reply via email to